Genian EDR

THREAT:`%{[AlertDecision]}`%{[Assignee]}`%{[AssigneeName]}`%{[AuthDeptCode]}`%{[AuthDeptName]}`%{[AuthID]}`%{[AuthName]}`%{[AutoResolve]}`%{[AVName]}`%{[Category]}`%{[Catgry]}`%{[Classification]}`%{[CmdLine]}`%{[CodeSign][Issuer]}`%{[CodeSign][IssuerThumbPrint]}`%{[CodeSign][SignatureVerification]}`%{[CodeSign][Signed]}`%{[CodeSign][SigningDate]}`%{[CodeSign][Subject]}`%{[CodeSign][SubjectThumbPrint]}`%{[CodeSign][Type]}`%{[CollectServerID]}`%{[CollectTime]}`%{[Confidence]}`%{[CreateTime]}`%{[DeptCodePath]}`%{[DeptNamePath]}`%{[Details]}`%{[DetectID]}`%{[DetectKeyString]}`%{[DetectMessage]}`%{[DetectSubType]}`%{[DetectTime]}`%{[DetectType]}`%{[DeviceID]}`%{[Direction]}`%{[DNSName]}`%{[Domain]}`%{[EventSeq]}`%{[EventSubType]}`%{[EventTime]}`%{[EventType]}`%{[Feed]}`%{[FileName]}`%{[FileName2]}`%{[FilePath]}`%{[FilePath2]}`%{[FileSize]}`%{[FileType]}`%{[FirstTime]}`%{[FollowLink]}`%{[HostName]}`%{[Information][CategoryID]}`%{[Information][CategoryName]}`%{[Information][PathInfo]}`%{[Information][ProductName]}`%{[Information][SourceName]}`%{[Information][ThreatInfo]}`%{[Information][ThreatName]}`%{[IP]}`%{[IsKnown]}`%{[Level]}`%{[LocalIP]}`%{[LocalPort]}`%{[LogonID]}`%{[MAC]}`%{[MalwareKind]}`%{[MD5]}`%{[Memo]}`%{[MLLevel]}`%{[MLScore]}`%{[ModifyTime]}`%{[Occurred]}`%{[PathInfo]}`%{[PathInfo2]}`%{[PathKey]}`%{[PID]}`%{[Platform]}`%{[ProcGuid]}`%{[ProcName]}`%{[ProcPath]}`%{[ProcPathKey]}`%{[Protocol]}`%{[RemoteIP]}`%{[RemotePort]}`%{[Response]}`%{[ResponseInfo]}`%{[ResponseRule]}`%{[Result]}`%{[Rule]}`%{[RuleID]}`%{[Score]}`%{[SessionID]}`%{[SHA256]}`%{[SSDEEP]}`%{[State]}

ENDPOINT:`%{[Access]}`%{[AuthDeptCode]}`%{[AuthDeptName]}`%{[AuthID]}`%{[AuthName]}`%{[BusType]}`%{[BytesRecved]}`%{[BytesSent]}`%{[Catgry]}`%{[CheckFlag]}`%{[ChildPID]}`%{[ChildProcGuid]}`%{[CmdLine]}`%{[ConnCnt]}`%{[CreateTime]}`%{[CustomTag]}`%{[DetectKey]}`%{[DetectType]}`%{[DeviceID]}`%{[Direction]}`%{[DisconnCnt]}`%{[DisconnectFlag]}`%{[DNSName]}`%{[DNSRequest]}`%{[DNSResponse]}`%{[Domain]}`%{[DriveType]}`%{[DriveType2]}`%{[EventSeq]}`%{[EventSubType]}`%{[EventTime]}`%{[EventType]}`%{[ExitFlag]}`%{[ExitTime]}`%{[Ext]}`%{[Ext2]}`%{[FileAttr]}`%{[FileName]}`%{[FileName2]}`%{[FilePath]}`%{[FilePath2]}`%{[FileSize]}`%{[FileType]}`%{[FinalName]}`%{[HasDump]}`%{[HostName]}`%{[Important]}`%{[InflowSeq]}`%{[Info]}`%{[InfoTitle]}`%{[InjectionType]}`%{[IntegrityLevel]}`%{[InteractiveFlag]}`%{[IP]}`%{[IsSystem]}`%{[JsonInfo][DecodedCmdLine]}`%{[JsonInfo][WebTitle]}`%{[JsonInfo][WebURL]}`%{[JsonInfo][WindowText]}`%{[LastDisconnTime]}`%{[LocalIP]}`%{[LocalPort]}`%{[LogonID]}`%{[MD5]}`%{[ModifyTime]}`%{[offline]}`%{[ParentProcEventSeq]}`%{[ParentProcGuid]}`%{[ParentProcName]}`%{[PID]}`%{[PPID]}`%{[ProcGuid]}`%{[ProcName]}`%{[ProcPath]}`%{[ProcUserID]}`%{[Protocol]}`%{[RegDataSize]}`%{[RegDataType]}`%{[RegKeyPath]}`%{[RegNewKeyPath]}`%{[RegValue]}`%{[RegValueName]}`%{[RelatedEventSeq]}`%{[RelatedPID]}`%{[RelatedProcGuid]}`%{[RelatedProcName]}`%{[RelatedProcPath]}`%{[RemoteIP]}`%{[RemotePort]}`%{[ReqEventSeq]}`%{[ReqGuid]}`%{[ReqName]}`%{[ReqPID]}`%{[Result]}`%{[RuleID]}`%{[SerialNumber]}`%{[SessionID]}`%{[SHA256]}`%{[Tactic]}`%{[Tag]}`%{[TargetPID]}`%{[TargetProcGuid]}`%{[TargetProcName]}`%{[TargetProcPath]}`%{[Technique]}`%{[TrunkID]}`%{[Uncertain]}`%{[VolumeGuid]}`%{[VolumeType]}`%{[WindowClassName]}`%{[WindowText]}

ALERT:`%{[AuthDeptCode]}`%{[AuthDeptName]}`%{[AuthID]}`%{[AuthName]}`%{[AVName]}`%{[Catgry]}`%{[Classification]}`%{[CmdLine]}`%{[CodeSign][Issuer]}`%{[CodeSign][IssuerThumbPrint]}`%{[CodeSign][SignatureVerification]}`%{[CodeSign][Signed]}`%{[CodeSign][SigningDate]}`%{[CodeSign][Subject]}`%{[CodeSign][SubjectThumbPrint]}`%{[CodeSign][Type]}`%{[Confidence]}`%{[CreateTime]}`%{[DeptCodePath]}`%{[DeptNamePath]}`%{[Details]}`%{[DetectID]}`%{[DetectKeyString]}`%{[DetectMessage]}`%{[DetectSubType]}`%{[DetectTime]}`%{[DetectType]}`%{[DeviceID]}`%{[Direction]}`%{[DNSName]}`%{[Domain]}`%{[EventSeq]}`%{[EventSubType]}`%{[EventTime]}`%{[EventType]}`%{[Feed]}`%{[FileName]}`%{[FileName2]}`%{[FilePath]}`%{[FilePath2]}`%{[FileSize]}`%{[FileType]}`%{[FollowLink]}`%{[HostName]}`%{[Information][CategoryID]}`%{[Information][CategoryName]}`%{[Information][PathInfo]}`%{[Information][ProductName]}`%{[Information][SourceName]}`%{[Information][ThreatInfo]}`%{[Information][ThreatName]}`%{[IP]}`%{[IsKnown]}`%{[Level]}`%{[LocalIP]}`%{[LocalPort]}`%{[LogonID]}`%{[MAC]}`%{[MalwareKind]}`%{[MD5]}`%{[MLLevel]}`%{[MLScore]}`%{[ModifyTime]}`%{[PathInfo]}`%{[PathInfo2]}`%{[PathKey]}`%{[PID]}`%{[Platform]}`%{[ProcGuid]}`%{[ProcName]}`%{[ProcPath]}`%{[ProcPathKey]}`%{[Protocol]}`%{[RemoteIP]}`%{[RemotePort]}`%{[Response]}`%{[ResponseInfo]}`%{[ResponseRule]}`%{[Result]}`%{[RuleID]}`%{[Score]}`%{[SessionID]}`%{[SHA256]}`%{[SSDEEP]}`%{[SuspiciousInfo][Confidence]}`%{[SuspiciousInfo][FileName]}`%{[SuspiciousInfo][FilePath]}`%{[SuspiciousInfo][FileSize]}`%{[SuspiciousInfo][FileType]}`%{[SuspiciousInfo][MD5]}`%{[SuspiciousInfo][MLLevel]}`%{[SuspiciousInfo][MLScore]}`%{[SuspiciousInfo][SHA256]}`%{[SuspiciousInfo][SSDEEP]}`%{[SuspiciousInfo2][Confidence]}`%{[SuspiciousInfo2][FileName]}`%{[SuspiciousInfo2][FilePath]}`%{[SuspiciousInfo2][FileSize]}`%{[SuspiciousInfo2][FileType]}`%{[SuspiciousInfo2][MD5]}`%{[SuspiciousInfo2][MLLevel]}`%{[SuspiciousInfo2][MLScore]}`%{[SuspiciousInfo2][SHA256]}`%{[SuspiciousInfo2][SSDEEP]}`%{[SuspiciousInfo3][Confidence]}`%{[SuspiciousInfo3][FileName]}`%{[SuspiciousInfo3][FilePath]}`%{[SuspiciousInfo3][FileSize]}`%{[SuspiciousInfo3][FileType]}`%{[SuspiciousInfo3][MD5]}`%{[SuspiciousInfo3][MLLevel]}`%{[SuspiciousInfo3][MLScore]}`%{[SuspiciousInfo3][SHA256]}`%{[SuspiciousInfo3][SSDEEP]}`%{[ThreatID]}`%{[YaraRuleID]}`%{[YaraRuleName]}

AUDIT:`%{[@timestamp]}`%{[actionStatusCode]}`%{[logAlertId]}`%{[logDetail]}`%{[logDeviceId]}`%{[logId]}`%{[logIdStr]}`%{[logIp]}`%{[logLinkID]}`%{[logLinkType]}`%{[logMac]}`%{[logMsg]}`%{[logThreatId]}`%{[logType]}`%{[logTypeStr]}`%{[logUserId]}`%{[logUserName]}